IG 7.1.2

Deprecation

IG logs a warning message each time it evaluates a call to a deprecated function. Under high loads, logging high numbers of messages can reduce performance. Consider the impact on performance if you decide to continue to use deprecated functions in your deployment.

Deprecation is defined in ForgeRock Product Stability Labels.

Deprecated Functionality in IG 7.1.2

The following additional properties are deprecated in this release:

Object Deprecated Settings Replacement Settings

matches

Replaced by matchesWithRegex or find.

matchingGroups

Replaced by findGroups.

Deprecated Functionality in IG 7.1.1

No additional functionality was deprecated in this release.

Deprecated Functionality in IG 7.1

The following features and properties are deprecated:

Delivery of IG war file

The delivery of a .war file is deprecated in this release and may be removed in the next release.

Methods to read or set query and form parameters

The request.form method used in scripts to read or set query and form parameters is deprecated. Use the following methods instead:

  • Request.getQueryParams() to read query parameters.

  • Entity.getForm() to read form parameters.

  • Entity.setForm() to set form parameters.

LdapClient class and 'ldap' script binding

The LdapClient class and the ldap script binding are deprecated.

Object Deprecated Settings Replacement Settings

AmService

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

AuditService

event-handlers

Replaced by eventHandlers.

CapturedUserPasswordFilter

key

Replaced by keySecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

ClientHandler

proxy subproperty password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

ClientRegistration

  • keystore

  • privateKeyJwtAlias

  • privateKeyJwtPassword

Replaced by privateKeyJwtSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

name, when used to identify a registration

Replaced by clientId. For information, see ClientRegistration, and the example route in Use Multiple OpenID Connect Providers.

clientSecret

Replaced by clientSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

CorsFilter

origins

Replaced by acceptedOrigins. For information, see CorsFilter.

CryptoHeaderFilter

Whole object

Not replaced. For information, see CryptoHeaderFilter.

DesKeyGenHandler

Whole object

Not replaced. For information, see DesKeyGenHandler.

ElasticsearchAuditEventHandler

Whole object

Not replaced.

JwtBuilderFilter

signature subproperties:

  • keystore

  • alias

  • password

Replaced by signature property secretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

JwtSession

encryptionSecretId and signatureSecretId

Replaced by authenticatedEncryptionSecretId and encryptionMethod.

cookieName and cookieDomain

Replaced by cookie, and its subproperties name, domain, path, secure, httpOnly.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

Combination of password, alias, and keystore Combination of passwordSecretId, alias, and keystore

Replaced by encryptionSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

sharedSecret

Replaced by signatureSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyManager

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyStore

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

OpenAmAccessTokenResolver

Whole object

Not replaced. For information, see OpenAmAccessTokenResolver.

ReverseProxyHandler

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

Route

monitor

Replaced by the Prometheus Scrape Endpoint and Common REST Monitoring Endpoint. For information, see Monitoring Endpoints.

SingleSignOnFilter

logoutEndpoint

Replaced by logoutExpression.

SplunkAuditEventHandler

Whole object

Not replaced.

SqlAttributesFilter

dataSource as a JNDI lookup name

Replaced by dataSource as a JdbcDataSource configuration object.

StatelessAccessTokenResolver

signatureSecretId

Replaced by verificationSecretId.

encryptionSecretId

Replaced by decryptionSecretId.

UserProfileFilter

ssoToken

Replaced by username in UserProfileFilter.

amService and profileAttributes

Replaced amService and profileAttributes, as sub-properties of userProfileService

The environment variable and system property that define the file system directory for configuration files.

OPENIG_BASE and openig.base

Replaced by IG_INSTANCE_DIR and ig.instance.dir.

If neither the deprecated setting nor the replacement setting are provided, configuration files are in the default directory $HOME/.openig (on Windows, appdata\OpenIG).

If the deprecated setting and the replacement setting are both provided, the replacement setting is used.

Copyright © 2010-2023 ForgeRock, all rights reserved.